You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+6-5Lines changed: 6 additions & 5 deletions
Original file line number
Diff line number
Diff line change
@@ -232,10 +232,6 @@ and a CodeBuild project being launched successfully
232
232
233
233
## Troubleshooting
234
234
235
-
## Q-Networking: What's the requirements for the inbound/outbound connection?
236
-
A: Refer to [Sysdig SASS Region and IP Ranges Documentation](https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/) to get Sysdig SaaS endpoint and allow both outbound (for compute vulnerability report) and inbound (for scheduled compliance checkups)
237
-
<br/>ECS type deployment will create following [security-group setup](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/blob/master/modules/services/cloud-connector-ecs/sec-group.tf)
238
-
239
235
## Q-General: Need to modify cloud-connector config (to troubleshoot with `debug` loglevel, modify ingestors for testing, ...)
240
236
A: both in ECS and AppRunner workload types, cloud-connector configuration is passed as a base64-encoded string through the env var `CONFIG`
241
237
<br/>S: Get current value, decode it, edit the desired (ex.:`logging: debug` value), encode it again, and spin it again with this new definition.
@@ -249,14 +245,19 @@ with the correct values. Check [Sysdig SaaS per-region URLs if required](https:/
249
245
### Q-General: I'm not able to see Cloud Infrastructure Entitlements Management (CIEM) results
250
246
A: Make sure you installed both [cloud-bench](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/tree/master/modules/services/cloud-bench) and [cloud-connector](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/tree/master/modules/services/cloud-connector) modules
251
247
248
+
249
+
## Q-General-Networking: What's the requirements for the inbound/outbound connection?
250
+
A: Refer to [Sysdig SASS Region and IP Ranges Documentation](https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges/) to get Sysdig SaaS endpoint and allow both outbound (for compute vulnerability report) and inbound (for scheduled compliance checkups)
251
+
<br/>ECS type deployment will create following [security-group setup](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/blob/master/modules/services/cloud-connector-ecs/sec-group.tf)
252
+
252
253
### Q-Scanning: I'm not seeing any image scanning results
253
254
A: Need to check several steps
254
255
<br/>S: First, image scanning is not activated by default. Ensure you have the [required scanning enablers](https://docs.sysdig.com/en/docs/installation/sysdig-secure-for-cloud/deploy-sysdig-secure-for-cloud-on-aws/#enabling-image-scanner) in place.
255
256
<br/>Currently, images are scanned on registry/repository push events, and on the supported compute services on deployment. Make sure these events are triggered.
256
257
<br/>Dig into secure for cloud compute log (cloud-connector) and check for errors.
257
258
<br/>If previous logs are ok, check [spawned scanning service](http://localhost:1313/en/docs/sysdig-secure/sysdig-secure-for-cloud/#summary) logs
258
259
259
-
### Q-Scanning: Images pushed to Management Account ECR are not scanned
260
+
### Q-AWS-Scanning: Images pushed to Management Account ECR are not scanned
260
261
A: We don’t scan images from the management account ECR because is not a best practies to have an ECR in this account.
261
262
</br>S: Following Role has to be created in the management account
0 commit comments